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AMENDMENTS TO THE CLAIMS 
This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1-23. (Cancelled). 

24. (Cvirrently Amended) In a computer system, the computer system including 
system memory, a processor, and a computer-readable medium, a data store and a method store 
being stored on the computer-readable medium, the data store and the method store arranged 
together in a combined item hierarchy on the computer-readable medivim, the data store having 
least one data item that depends from a method in the method store and the method store having 
at least one method that depends from data in the data store, the combined item hierarchy being 
divided into one or more non-overlapping security zones, each of the one or more non- 
overlapping security zones being defined as a grouping of one or more data items and one or 
more method items having common security rules such that principals vsdth rights to items in a 
non-overlapping security zone can treat all the items in the non-overlapping security zone 
uniformly in accordance with common security rules, a method of authenticating principal 
identity and then splitting the one or more non-overlapping security zones into a plurality of non- 
overlapping security zones to facilitate more efficient assignment of rights to principals, 
comprising: 

an act of accessing a first access control list, the first access control list defining 
rights based on common security rules that principals are to have in an existing non- 
overlapping zone from among the one or more non-overlapping zones: 

an act of accessing authentication information that specifies the identity of the 
principals that are to have the rights in the existing non-overlapping zone: 

an act of authenticating the principals bv verifying the identity of the principals by 
using the authentication information and by verifying that the principals are to have the 
rights defined in the first access control list: 

an act of identifying a grouping of data items and method items in the combined 
item hierarchy for which new common security rules are to be enforced, the identified 
grouping of data items and method items currently included in [[an]] the existing non- 
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overlapping zone from among the one or more non overlapping zones , existing common 
security rules being enforced within the existing non-overlapping zone, the new common 
security rules differing from the existing common security rules being enforced within 
the existing non-overlapping zone; 

an act of the processor re-configuring the one or more non-overlapping security 
zones so that rights can be assigned at a granularity that is finer than an entire database 
but yet coarse enough so as to not require assignment for each item, including: 

an act of splitting the existing non-overlapping security zone into a new 
non-overlapping security zone and a remnant of the existing non-overlapping 
security zone, the arrangement of the new non-overlapping security zone relative 
to the remnant of the existing non-overlapping security zone based on the location 
of the identified grouping of data items and method items within the combined 
item hierarchy, the new non-overlapping security zone for containing the 
identified grouping of data items and methods items, the remnant of the existing 
non-overlapping security zone containing at least one data item or method item 
from the existing non-overlapping security zone, wherein said splitting is 
restricted in such a way as to prevent overlapping between security zones and 
such that none of the data items and method items are included in more than one 
security zone; and 

an act of adjusting data prop e rti e s labeling [[of]] each of the items in the 
identified grouping of data items and method items with a security zone 
enumeration corresponding to the new non-overlapping security zones t o 
represent that the identified grouping of data items and method items are 
contained in the new non-overlapping security zone; 

for any principals that had existing rights in the existing non-overlapping security 
zone based on the existing common security rules being enforced in the existing non- 
overlapping security zone at the time the existing non-overlapping zone was split, an act 
of retaining those existing rights in the new non-overlapping security zone, including in 
the identified grouping of data items and methods items, subsequent to splitting the 
existing non-overlapping security zone and subsequent to adjusting data proportios 
labeling to represent that the identified grouping of data items and methods items are 
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contained in the new non-overlapping security zone; and 

an act of granting one or more other rights in the new non-overlapping zone to 
one or more additional principals in accordance with the new common security rules, 
assigning the other rights to the new non-overlapping zone collectively granting the other 
rights to each item in the identified grouping of data items and method items through the 
assignment of the other rights to the new non-overlapping security zone, the other rights 
differing from the existing rights. 

25. (Previously Presented) The method of claim 24, wherein specifying the one or 
more additional principals is performed by the one or more main principals. 

26. (Cancelled) 

27. (Previously Presented) The method of claim 24, the rights being security rights. 

28. (Previously Presented) The method of claim 24, the rights being auditing rights. 
Claims 29-32. (Cancelled). 

Claim 33. (Cancelled). 
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34. (Currently Amended) A computer program product for use at a computer system, 
the computer program product comprising one or more computer-readable storage media, a data 
store and a method stored being stored on the one or more computer-readable storage media, the 
data store and the method store arranged together in a combined item hierarchy on the computer- 
readable medium, the data store having least one data item that depends from a method in the 
method store and the method store having at least one method that depends from data in the data 
store, the combined item hierarchy being divided into one or more non-overlapping security 
zones, each of the one or more non-overlapping security zones being defined as a grouping of 
one or more data items and one or more method items having common security rules such that 
principals with adminisfrative rights to items in a non-overlapping security zone can freat all the 
items in the non-overlapping security zone uniformly in accordance with common security rules, 
the computer-readable storage media also storing computer-executable instructions that, when 
executed by a processor, cause the computer system to perform a method of authenticating 
principal identity and then splitting the one or more non-overlapping security zones into a 
plurality of non-overlapping security zones to facilitate more efficient delegation of 
adminisfrative rights to principals , comprising: 

an act of accessing a first access control list, the first access control list defining 
administrative rights based on common security rules that principals are to have in an 
existing non-overlapping zone from among the one or more non-overlapping zones; 

an act of accessing authentication information that specifies the identity of the 
principals that are to have the administrative rights in the existing non-overlapping zone: 

an act of authenticating the principals by verifying the identity of the principals by 
using the authentication information and by verifying that the principals are to have the 
adminisfrative rights defined in the first access confrol list; 

an act of identifying a grouping of data items and method items in the combined 
item hierarchy for which new common security rules are to be enforced, the identified 
grouping of data items and method items currently included in [[an]] fte existing non- 
overlapping zone from among tii e on e or mor e non ov e rlapping zon e s , existing common 
security rules being enforced within the existing non-overlapping zone, the new common 
security rules differing from the existing common security rules being enforced within 
the existing non-overlapping zone; 
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an act of the re-configuring the one or more non-overlapping security zones so 
that administrative rights can be delegated at a granularity that is finer than an entire 
database but yet coarse enough so as to not require delegation for each item, including: 

an act of splitting the existing non-overlapping security zone into a new 
non-overlapping security zone and a remnant of the existing non-overlapping 
security zone, the arrangement of the new non-overlapping security zone relative 
to the remnant of the existing non-overlapping security zone based on the location 
of the identified grouping of data items and method items within the combined 
item hierarchy, the new non-overlapping security zone for containing the 
identified grouping of data items and methods items, the remnant of the existing 
non-overlapping security zone containing at least one data item or method item 
from the existing non-overlapping security zone, wherein said splitting is 
restricted in such a way as to prevent overlapping between security zones and 
such that none of the data items and method items are included in more than one 
security zone; and 

an act of adjusting data prop e rti e s labeling [[of]] each of the items in the 
identified grouping of data items and method items with a security zone 
enumeration corresponding to the new non-overlapping security zones t o 
represent that the identified grouping of data items and method items are 
contained in the new non-overlapping security zone; 

for any principals that had existing administrative rights in the existing non- 
overlapping security zone based on the existing common security rules being enforced in 
the existing non-overlapping security zone at the time the existing non-overlapping zone 
was split, an act of retaining those existing administrative rights in the new non- 
overlapping security zone, including in the identified grouping of data items and methods 
items, subsequent to splitting the existing non-overlapping security zone and subsequent 
to adjusting data properties labeling to represent that the identified grouping of data items 
and methods items are contained in the new non-overlapping security zone; and 

an act of granting other administrative rights in the new non-overlapping zone to 
one or more additional principals in accordance with the new common security rules, 
assigning the other administrative rights to the new non-overlapping zone collectively 
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granting the other administrative rights to each item in the identified grouping of data 
items and method items through the granting of the other administrative rights to the new 
non-overlapping security zone, the other administrative rights differing from the existing 
administrative rights. 

35. (Cancelled). 

36. (Currently Amended) The method of claim 24, wherein the existing common 
security rales comprise a[[n]] second access control list defining the rights a principal has to the 
items in the remnant of the existing non-overlapping security zone. 

37. (Currently Amended) The method of claim 24, wherein the new common security 
rules comprise a[[n]] second access control list defining the rights a principal has to the items in 
the new non-overlapping security zone. 

38. (Previously Presented) The computer program product of claim 34, wherein 
specifying the one or more additional principals is performed by the one or more main principals. 

39. (Cancelled) 

40. (Previously Presented) The computer program product of claim 34, the 
administrative rights being security rights. 

41. (Previously Presented) The computer program product of claim 34, the 
administrative rights being auditing rights. 

42. (Currently Amended) The computer program product of claim 34, wherein the 
existing common security rules comprise a[[n]] second access control list defining the rights a 
principal has to the items in the remnant of the existing non-overlapping security zone. 
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43. (Currently Amended) The computer program product of claim 34, wherein the 
new common security rules comprise a[[n]] second access control list defining the rights a 
principal has to the items in the new non-overlapping security zone. 

44. (Previously Presented) The method as recited in claim 24, wherein an act 
of granting other rights in the new non-overlapping security zone to one or more additional 
principals in accordance with the new common security rules comprises an act of granting a set 
of rights in the non-overlapping security zone to the one or more additional principals so as to 
collectively grant the set of rights to the one or more additional principals for each item in the 
identified grouping of data items and method items through the granting of the set of rights in the 
new non-overlapping security zone, the set of rights including one or more rights selected fi:om 
among: read, write, delete, and execute. 

45. (Previously Presented) The computer program product as recited in claim 
34, wherein an act of granting other rights in the new non-overlapping security zone to one or 
more additional principals in accordance with the new common security rules comprises an act 

of granting a set of rights in the non-overlapping security zone to the one or more additional 
principals so as to collectively grant the set of rights to the one or more additional principals for 
each item in the identified grouping of data items and method items through the granting of the 
set of rights in the new non-overlapping security zone, the set of rights including one or more 
rights selected firom among: read, write, delete, and execute. 
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